Skip to content

feat(gdpr): author erasure (PR5 of #6701) #7550

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
JohnMcLear merged 9 commits into from
May 3, 2026
Merged

feat(gdpr): author erasure (PR5 of #6701) #7550

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
782e448
docs: PR5 GDPR author erasure design spec
JohnMcLear Apr 19, 2026
488fef7
docs: PR5 GDPR author erasure implementation plan
JohnMcLear Apr 19, 2026
73ae26e
feat(gdpr): AuthorManager.anonymizeAuthor — Art. 17 erasure
JohnMcLear Apr 19, 2026
63c2261
test(gdpr): AuthorManager.anonymizeAuthor unit tests
JohnMcLear Apr 19, 2026
7bce194
feat(gdpr): REST anonymizeAuthor on API version 1.3.1
JohnMcLear Apr 19, 2026
372d618
test(gdpr): REST anonymizeAuthor end-to-end
JohnMcLear Apr 19, 2026
f250f57
docs(gdpr): right-to-erasure section + anonymizeAuthor example
JohnMcLear Apr 19, 2026
16cd84a
fix(gdpr): make anonymizeAuthor resumable on partial failure
JohnMcLear Apr 19, 2026
c320c45
Merge develop into feat-gdpr-author-erasure + Qodo feedback
JohnMcLear May 3, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 40 additions & 5 deletions doc/privacy.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,12 +53,47 @@ plugin, and is thrown away on server restart.

See [`cookies.md`](cookies.md) for the full cookie list.

## Right to erasure
## Right to erasure (GDPR Art. 17)

See
[`docs/superpowers/specs/2026-04-18-gdpr-pr1-deletion-controls-design.md`](https://github.com/ether/etherpad/blob/develop/docs/superpowers/specs/2026-04-18-gdpr-pr1-deletion-controls-design.md)
for the deletion-token mechanism. Full author erasure is tracked as a
follow-up in [ether/etherpad#6701](https://github.com/ether/etherpad/issues/6701).
Etherpad anonymises an author rather than deleting their changesets
(deletion would corrupt every pad they contributed to). Operators
trigger erasure via the admin REST API:

```bash
curl -X POST \
-H "Authorization: Bearer <admin JWT / apikey>" \
"https://<instance>/api/1.3.1/anonymizeAuthor?authorID=a.XXXXXXXXXXXXXX"
```

The endpoint is gated by the `gdprAuthorErasure` setting (see
`settings.json`). It is **disabled by default**; set
`"gdprAuthorErasure": { "enabled": true }` to expose it. While
disabled, calls return HTTP 404 / API code 4 ("no such function").

What the call does:

- Zeros `name` and `colorId` on the `globalAuthor:<authorID>` record
(kept as an opaque stub so changeset references still resolve to
"an author" with no details).
- Deletes every `token2author:<token>` and `mapper2author:<mapper>`
binding that pointed at this author. Once removed, a new session
with the same token starts a fresh anonymous identity.
- Nulls `authorId` on chat messages the author posted; message text
and timestamps are unchanged.

What it does not do:

- Delete pad content, revisions, or the attribute pool. If a pad
itself should also be erased, use the pad-deletion token flow
(PR1, `deletePad`).
- Touch other authors' edits.

The call is idempotent: calling it twice on the same authorID
short-circuits the second time and returns zero counters. Pad-level
deletion is covered separately by the deletion-token mechanism in
[`docs/superpowers/specs/2026-04-18-gdpr-pr1-deletion-controls-design.md`](https://github.com/ether/etherpad/blob/develop/docs/superpowers/specs/2026-04-18-gdpr-pr1-deletion-controls-design.md);
the rest of the GDPR work is tracked in
[ether/etherpad#6701](https://github.com/ether/etherpad/issues/6701).

## Privacy banner (optional)

Expand Down
Loading
Loading